According to the report, the attacker first compromises a Gmail account. From there, they send an image attachment disguised as a PDF file to the email addresses found in the compromised account.
- Should the recipient click the attachment, they are taken to a fake Google sign-in page.
- The sign-in page is well disguised: the address bar shows the accounts.google.com subdomain, which is enough to fool many people, even some tech-savvy ones.
- From there, the phishers acquire additional login credentials, allowing them to start the cycle over with a fresh batch of emails.
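As an added illustration (not code from the report or from The Hacker News), here are two defender-side checks for the two disguises described above: one classifies an attachment by its leading bytes instead of trusting a `.pdf` name, the other accepts a sign-in page only when the parsed origin is exactly `https://accounts.google.com`, so a URL that merely displays that string elsewhere is rejected. The magic-byte table and sample inputs are constructed for the example.

```python
from urllib.parse import urlsplit

# Constructed table of leading bytes for the formats this check cares about.
MAGIC = {
    b"%PDF-": "pdf",
    b"\x89PNG\r\n\x1a\n": "png",
    b"\xff\xd8\xff": "jpeg",
    b"GIF8": "gif",
}


def attachment_type(head: bytes) -> str:
    """Classify an attachment by its first bytes, not by its file name."""
    for magic, kind in MAGIC.items():
        if head.startswith(magic):
            return kind
    return "unknown"


def is_disguised_pdf(filename: str, head: bytes) -> bool:
    """True when the name claims PDF but the bytes are an image (the lure above)."""
    claims_pdf = filename.lower().endswith(".pdf")
    return claims_pdf and attachment_type(head) in ("png", "jpeg", "gif")


def is_real_google_signin(address_bar: str) -> bool:
    """True only if the page origin is https://accounts.google.com.

    The hostname is taken from the parsed URL, so 'accounts.google.com'
    appearing in the userinfo part or as a prefix of another domain fails.
    """
    parts = urlsplit(address_bar.strip())
    if parts.scheme != "https":
        return False  # http:, data:, javascript: and anything else fail here
    host = (parts.hostname or "").rstrip(".")  # drop a trailing root dot
    return host == "accounts.google.com"


if __name__ == "__main__":
    # Constructed samples: a genuine origin and two that display the name elsewhere.
    for url in (
        "https://accounts.google.com/signin/v2/identifier",
        "https://accounts.google.com@login-example.test/",
        "https://accounts.google.com.login-example.test/",
    ):
        print(is_real_google_signin(url), url)
    print(is_disguised_pdf("invoice.pdf", b"\x89PNG\r\n\x1a\n\x00\x00"))
```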
As devious as this method may seem, there is a simple way to protect yourself from this attack: enable Google's two-factor authentication. Even if you are duped by the fake Google login screen, the attackers will not be able to access your account, because they cannot enter the code that Google provides.
Source: The Hacker News